(ISC)² CyberSecureGov-2013

Join us for an exciting two days as we explore the prevailing factors working against US Government IT Security practitioners and managers, how existing technical and personnel resources are faring during this time of transition, what new resources are emerging -- from both industry and government -- that hold promise in helping to fulfill the mission of securing government systems and citizens, and more.

• Keynotes from leading government cyber security professionals
• Panels with industry leaders
• Two dedicated managerial and technical tracks
• Networking with experts and cyber security professional
• CISOs, CIOs, CTOs
• Chief Architects
• Security Managers
• Senior IT Program Management
• Cyber Professionals

Topics to be covered:

A Snapshot of the Top Issues Impacting Government's Human Assets (Based on newly released findings of 2013 (ISC)2 Global Workforce Study)
Roundtable discussion lead by (ISC)² Executive Director, Hord Tipton
Ernest McDuffie, PH. D.-Lead for the National Initiativefor Cybersecurity Education (NICE), United States Department of Commerce (DoC) and National Institute of Standards and Technology (NIST)
Craig M. McComb, DAF, GS15 Deputy CIO 88th CG/SC, US Air Force Life Cycle Management Center
Robin "Montana" Williams, Director of National CyberSecurity Education and Workforce Development Office

Critical Infrastructure Protection -Separating Fact from Fiction: Just how vulnerable is vulnerable?
 With all the hype around cybersecurity, it's hard to tell what's true and what isn't. Understanding the real threats, vulnerabilities and impacts to Critical Infrastructure is a significant challenge. Discerning practical and cost-effective risk management strategies to mitigate the risk can be equally difficult. Hear the ground truth about what's happening in the cybersecurity trenches and what you should do about it.
Patrick Miller, Founder, Director and President Emeritus of EnergySec and the National Electric Sector Cybersecurity Organization (NESCO).  

Realizing The Untapped Benefits of Security Automation
This panel discussion will feature industry and agency security experts sharing the out-of-the-box strategies and tactics they're taking with continuous monitoring practices and the impact it's having on their larger information security efforts.
Panelists:
Chris Runde-Vce President of Transportation & Government Solutions/AlterEnterprise
Leo Scanlon-CISO at NARA
Al Seifert-Chief Executive Officer, MSB Cybersecurity
Moderator:
Bill Jackson-Senior Correspondent, GCN Magazine

Managing the BYOD Revolution
This session will discuss the way forward for agencies that want to implement a Bring Your Own Device (BYOD) initiative, including providing an overview of how mobile devices are beginning to dominate existing government mandates and architectures, the security and management challenges and solutions involved and the best practices that are being shown to effectively manage this burgeoning type of program.
Panelists:
Darren Ash-CIO at (NRC)
Eugene Liderman- Director of Public Sector. Technology @ Good Technology
Carlos Edwards
Moderator:
Aliya Sternstein-Government Executive Magazine

Offensive Countermeasures
The Internet is considered a hostile environment but nothing is less forgiving than nature yet many vulnerable species survive through generations.  Not everyone gets to be king of the jungle yet they all survive for millions of years.  What are the defensive strategies of prey species who have no offensive capabilities?  Are there strategic patterns in nature that can be used to design an active defense in an increasing hostile environment?
Tim Keanini, Chief Reseach Officer, nCircle

Employee and User Expectation of  Privacy in Mobile Applications 
In light of recent changes in technology and law, employers are increasingly shifting the burden of mobile device selection and utilization to an employee support model.  What are the ramifications of this model on privacy rights, and what options do corporations have in assuring the security of their data?
Spencer Wilcox, Special Assistant to the VP and Lead Security Strategist at Exelon

Credentialing in the Cloud: Overcoming the next FedRAMP hurdles. 
The Federal Risk and Authorization Management Program (FedRAMP), designed to reduce duplicative efforts, inconsistencies and cost inefficiencies associated with the current security authorization process, is finally getting underway, with two cloud service providers recently approved. But how much progress is really being made, what are the next set of security issues that must be overcome and what do information security professionals in both industry and government need to understand to effectively comply with and make the most of this initiative? This session will address these questions and more.
Steven Hernandez-Moderator 
Panelists:
Maria Roat, Director of FedRamp
Zack Brown, CISO, CFPB
Dan Waddell, Senior Director, Information Assurance & Cybersecurity, eGlobalTech

Supply Chain Risk Management Practices for Federal Information Systems 
Agencies are increasingly at risk of both intentional and unintentional supply chain compromise due to the growing sophistication of technologies and the growing speed and scale of a complex, distributed global supply chain. Agencies do not have a consistent or comprehensive way of understanding the processes and practices used to create and deliver the hardware and software products and services that they procure, making it increasingly difficult to understand their exposure and manage the associated supply chain risks. Managing supply chain risk is a strategic challenge that requires increased coordination among a multidisciplinary team of stakeholders representing information technology and security, acquisition, legal, engineering, integration, suppliers, and the mission. This session will describe NIST's work on supply chain risk management and offer an overview of NIST's approach to future guidance.
Jon Boyens-Senior Advisor for Information Security at NIST

Big Data and Automated Intelligence Sharing

Big Data, Continuous Monitoring and Automated Sharing: So What Will All The People Do? The promise of leveraging highly scalable analytic methods, continuous monitoring instruments, and automated information sharing protocols is that network defenders and security professionals will be able to marshal sophisticated automata to assist with ever greater volumes of the cybersecurity workload. If we assume that these types of initiatives are successful, what might the average cybersecurity "day in the life" start to look like? More importantly, as cybersecurity practitioners automate more and more of their efforts, how should we seek to maximize the value of the human contribution?
Tom Millar, DHS

Breaking the Barriers to Developing Skilled Cyber Leaders 
This panel of former recipients of the prestigious (ISC)² Government Information Security Leadership Award will discuss their career development, the innovative steps they took to increase their influence as an information security professional and their thoughts on what is necessary to attract and foster the information security leaders of the future.
Panelists:
Dr. Emma Garrison-Alexander-Assistant Administrator Chief Information Officer-Office of Information Technology
Harold J. Arata III, PhD-Associate Director, Airforce Cyberspace-Technical Center of Excellence
Moderator:
Joe Jarzombek-Director for Software Assurance Stakeholder Engagement & Cyber Infrastructure Resilience Cyber Security and Communications Department of Homeland Security

What's New in NIST SP 800-53 Revision 4
Kelley L. Dempsey, Senior Information Security Specialist at National Insitute of Standards and Technology Information Technology, Laboratory/Computer Division